Ireland’s privacy regulator is weighing potential probes into how some online companies handle children’s data.
The Irish privacy office is “scoping” children’s privacy enforcement actions, Irish Data Protection Commissioner Helen Dixon told Bloomberg Law, without naming specific companies.
“There will absolutely have to be changes and will be changes in terms of how” online companies handle children’s data, Dixon, a leading European Union privacy official, said. It’s a “big area of importance” for the commission, she added.
Dixon can levy penalties of 4% percent of annual revenues, or 20 million euros, whichever is greater, under the European Union’s General Data Protection Regulation for companies that violate the bloc’s privacy law. Her office has already opened 61 privacy probes, including 21 investigations into multinational tech companies like Facebook Inc., Alphabet Inc.'s Google, and Apple Inc.
Dixon’s heightened focus on the issue comes as U.S. regulators and lawmakers pay more attention to the handling of children’s online data. Google agreed to pay $170 million to settle U.S. Federal Trade Commission and New York state claims the company ran afoul of the Children’s Online Privacy Protection Act. Sens. Josh Hawley (R-Mo.) and Edward Markey (D-Mass.) are seeking to update the decades-old law to include further protections for children under 16 years old.
Businesses are required to provide specific privacy protections, like parental consent, for children younger than 13 under COPPA. The GDPR provides further protections for children in the EU under 16 years old.
The potential probes would help highlight what companies should do to protect kids online under the GDPR, Dixon said.
Dixon said she will release a report in the early fall following an already completed public consultation about the use of children’s data online.